Cognito Detect is the most powerful way to find and stop cyberattackers in real time

Similar documents
The Cognito automated threat detection and response platform

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

How Vectra Cognito enables the implementation of an adaptive security architecture

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Vectra Cognito Automating Security Operations with AI

Automated Threat Management - in Real Time. Vectra Networks

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

SIEM Solutions from McAfee

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Transforming Security from Defense in Depth to Comprehensive Security Assurance

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

RSA NetWitness Suite Respond in Minutes, Not Months

Compare Security Analytics Solutions

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

QuickSpecs. Aruba IntroSpect User and Entity Behavior Analytics. Overview. Aruba IntroSpect User and Entity Behavior Analytics Product overview

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

Novetta Cyber Analytics

McAfee Endpoint Threat Defense and Response Family

Security. Made Smarter.

Catch an Active Cyber Attack in minutes

Incident Response Agility: Leverage the Past and Present into the Future

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Integrating Okta and Preempt Detecting and Preventing Threats With Greater Visibility and Proactive Enforcement

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

Traditional Security Solutions Have Reached Their Limit

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

RSA INCIDENT RESPONSE SERVICES

Building Resilience in a Digital Enterprise

Sandboxing and the SOC

Key Technologies for Security Operations. Copyright 2014 EMC Corporation. All rights reserved.

CloudSOC and Security.cloud for Microsoft Office 365

Reducing the Cost of Incident Response

MCAFEE INTEGRATED THREAT DEFENSE SOLUTION

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

McAfee Advanced Threat Defense

Securing Your Amazon Web Services Virtual Networks

RSA Security Analytics

The Vectra App for Splunk. Table of Contents. Overview... 2 Getting started Setup... 4 Using the Vectra App for Splunk... 4

Securing Your Microsoft Azure Virtual Networks

PROTECTING THE ENTERPRISE FROM BLUEBORNE

MITIGATE CYBER ATTACK RISK

RSA INCIDENT RESPONSE SERVICES

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Defend Against the Unknown

ForeScout Extended Module for Splunk

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

A Practical Guide to Efficient Security Response

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

CyberArk Privileged Threat Analytics

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

Arbor Networks Spectrum. Wim De Niel Consulting Engineer EMEA

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Infrastructure Blind Spots Continue to Fuel Personal Data Breaches. Sanjay Raja Lumeta Corporation Lumeta Corporation

Power of the Threat Detection Trinity

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

ForeScout ControlFabric TM Architecture

This Cylance Is Headline This Is. Products and

FROM SIEM TO SOC: CROSSING THE CYBERSECURITY CHASM

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

FOR FINANCIAL SERVICES ORGANIZATIONS

How to Secure Your Cloud with...a Cloud?

Intro to Niara. no compromise behavioral analytics. Tomas Muliuolis HPE Aruba Baltics Lead

NEXT GENERATION SECURITY OPERATIONS CENTER

Un SOC avanzato per una efficace risposta al cybercrime

Privileged Account Security: A Balanced Approach to Securing Unix Environments

esendpoint Next-gen endpoint threat detection and response

Integrated, Intelligence driven Cyber Threat Hunting

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

Prescriptive Security Operations Centers. Leveraging big data capabilities to build next generation SOC

BUILDING AND MAINTAINING SOC

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Seceon s Open Threat Management software

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

Whitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD

CYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta

Building a Threat-Based Cyber Team

empow s Security Platform The SIEM that Gives SIEM a Good Name

SIEMLESS THREAT DETECTION FOR AWS

Juniper Sky Advanced Threat Prevention

JUNIPER SKY ADVANCED THREAT PREVENTION

Fidelis Overview. ISC 2 DoD and Industry Forum. Rapid Detection and Automated Incident Response DoD & Commercial Active Defense Use Cases

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Cisco Stealthwatch Improves Threat Defense with Network Visibility and Security Analytics

Behavioral Analytics A Closer Look

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Simplify, Streamline and Empower Security with ISecOps

The threat landscape is constantly

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Cisco Start. IT solutions designed to propel your business

The data science behind Vectra threat detections. White paper

Transcription:

Overview Cognito Detect is the most powerful way to find and stop cyberattackers in real time HIGHLIGHTS Always-learning behavioral models use AI to find hidden and unknown attackers, enable quick, decisive action, and provide a clear starting point for AI-assisted threat hunting. Detects known threats by using AI and integrating other critical sources of threat intelligence. Analyzes enriched network metadata, relevant logs and cloud events to gain high-fidelity visibility into cyberattacker behaviors in all cloud and data center workloads and user and IoT devices. Unique context eliminates the endless hunt-and-search for threats and enables immediate action by proactively putting the most relevant information at your fingertips. Works with EDR, NAC firewalls and other enforcement points to block new classes of threats. Provides a clear starting point for more extensive investigations with Cognito Recall, SIEMs and forensic tools. A critical part of the Cognito cyberattack-detection and threat-hunting platform, Cognito Detect from Vectra is the fastest, most efficient way to find and stop cyberattackers in public clouds, private data centers and enterprise environments. It uses artificial intelligence to deliver real-time attack visibility and put attack details at your fingertips. In addition to empowering quick, decisive action in response to in-progress attacks, Cognito Detect provides a vital starting point for professional threat hunters that use Cognito Recall for deeper investigations. By combining advanced machine learning techniques including deep learning and neural networks with always-learning behavioral models, Cognito Detect quickly and efficiently finds hidden and unknown attackers before they do damage. Cognito Detect provides enterprise-wide visibility into hidden cyberattackers by analyzing all network traffic and logs from security systems, authentication systems and SaaS applications. This leaves attackers with nowhere to hide from cloud and data center workloads to user and IoT devices. As part of the Cognito Detect subscription, software updates with new threat detection algorithms are delivered to customers on a regular basis to ensure they are continuously protected from the latest advanced threats. Security analyst in software Cognito Detect automates the hunt for cyberattackers, shows where they re hiding and tells you what they re doing. The highest-risk threats are instantly triaged, correlated to hosts and prioritized so security teams can respond faster to stop in-progress attacks and avert data loss. I am artificial intelligence. The driving force behind the hunt for cyberattackers. I am Cognito. Attacker detections are instantly prioritized, scored and correlated to compromised host devices

COGNITO ARTIFICIAL INTELLIGENCE Rich Metadata Identify Attacker Behavior Automated Analysis Drive Response Network traffic System, auth and SaaS logs IoCs (STIX) Machine learning Behavioral analytics Network effect Triage and correlate threats to hosts Prioritize hosts by risk Uncover attack campaigns Intuitive UI with rich context Enable automated response Firewall, endpoint, SIEM and NAC integration By automating the manual, time-consuming analysis of security events, Cognito Detect condenses weeks or months of work into minutes and reduces the security-analyst workload on threat investigations by 32X. This enables security operations teams that are understaffed and under siege to stay ahead of cyberattackers and respond faster to hidden threats. How Cognito Detect works Rich metadata Cognito Detect gives you real-time visibility into network traffic by extracting metadata from packets rather than performing deep packet inspection, enabling protection without prying. Metadata analysis is applied to all internal (east-west) traffic, Internet-bound (north-south) traffic, virtual infrastructure, and cloud computing environment. Cognito Detect identifies, tracks, and scores every IP-enabled device inside the network. This visibility extends to laptops, servers, printers, BYOD and IoT devices as well as all operating systems and applications, including traffic between virtual workloads in data centers and the cloud, even SaaS applications. System, authentication and SaaS logs provide context enrichment to network metadata analysis for accurate identification of systems and users. Cognito Detect uses STIX threat intelligence to detect threats based on known indicators of compromise derived from threat intelligence. These are correlated with other attacker behaviors to ensure pinpoint accuracy of host threat and certainty scores to prioritize risk. Identify attacker behaviors The collected metadata is analyzed with behavioral detection algorithms that spot hidden and unknown attackers. This exposes fundamental attacker behaviors in network traffic, such as remote access tools, hidden tunnels, backdoors, credential abuse, and internal reconnaissance and lateral movement. Cloud Data Center Users IoT With Cognito Detect, attackers have nowhere to hide Cognito Detect provides threat detection coverage across the entire enterprise 2 Cognito Detect

Cognito Detect continuously learns your local environment and tracks all physical and virtual hosts to reveal signs of compromised devices and insider threats. A wide range of cyberthreats are automatically detected in all phases of the attack lifecycle, including: Command-and-control and other hidden communications Internal reconnaissance Lateral movement Abuse of account credentials Data exfiltration The Attack Campaigns feature further automates security detections by connecting the dots of related attacker behaviors and exposing the relationship between hosts across internal detections, external advanced command-andcontrol detections, and connectivity to common command-andcontrol infrastructures. As attackers perform reconnaissance and move laterally from host to host in a network, Cognito Detect correlates their behaviors across all involved hosts and detections and presents a synthesized view of the entire attack campaign. Early indicators of ransomware activity Botnet monetization Attack campaigns, including the mapping of all hosts and their associated attack indicators Cognito Detect also monitors and detects suspicious access to critical assets by authorized employees, as well as policy violations related to the use of cloud storage, USB storage and other means of moving data out of the network. Automated analysis The Threat Certainty Index in Cognito Detect consolidates thousands of events and historical context to pinpoint hosts that pose the biggest threat. Instead of generating more events to analyze, Cognito Detect boils down mountains of data to show what matters most. Threat and certainty scores trigger notifications to your staff or a response from other enforcement points, SIEMs and forensic tools. Cognito Detect presents a synthesized view of an entire attack campaign Cognito Detect pivots to show views of hosts or related campaign detections, and analyzes event history spanning its entire lifetime to better understand the activity and full scope of attack. Drive response Respond quickly and decisively to threats by putting the most relevant information and context at your fingertips. Unlike security analytics products, Cognito Detect eliminates manual investigations by automatically prioritizing and correlating threats with compromised hosts and key assets that are the target of an attack. Cognito Detect puts threat detection details including host context, packet captures, and threat and certainty scores within immediate reach. The Threat Certainty Index in Cognito Detect In addition, Cognito Detect works with your next-generation firewalls, endpoint security, NAC, and other enforcement points to automatically block unknown and customized cyberattacks. Cognito Detect also provides a clear starting point for threat investigations, which boosts the efficiency of SIEMs and forensic analysis tools. 3 Cognito Detect

Firewall Context/Host ID Enhancement Ticketing/IR Security Orchestration Endpoint SIEM Cognito Detect Visibility* NAC *physical & cloud Cognito Detect works with widely used security enforcement points, SIEMs and forensic analysis tools Security that thinks Strengthen your existing security infrastructure Whether providing the intelligence to block a new class of threat with firewalls, endpoint security, NAC and other enforcement points, or providing a clear starting point for a more extensive search with SIEMs and forensic tools, Cognito Detect gives you more value from existing security technologies. Cognito Detect integrates with leading endpoint security solutions to automatically add enriched context to investigations and enables security operations teams to isolate compromised host devices. Real-time detection of data exfiltration in progress Security context that saves time Cognito Detect unburdens and empowers security operations teams that are understaffed. This is achieved by automating the time-consuming analysis of security events and eliminating the need to endlessly hunt for hidden threats. Each detection is explained in detail, along with the underlying event and historical context that led to the detection. Security analysts can instantly view a connection map of any host to see other hosts the device is communicating with and how. Cognito Detect also provides on-demand access to enriched metadata from captured packets for further forensic analysis. This gives security teams the proof and accuracy they need to take immediate, decisive action. A robust API enables automated response and enforcement with virtually any security solution. Cognito Detect also generates syslog messages and CEF logs for all detections as well as prioritized host scores. This makes Cognito Detect much more than just another source of logs and provides an ideal trigger for investigations and workflows within your SIEM. Full lifecycle detection of ransomware Cognito Detect identifies ransomware campaigns against enterprises and other organizations across all phases of an attack. By monitoring all internal network traffic, Cognito Detect identifies in seconds the fundamental behaviors of a ransomware attack as it attempts to take critical assets hostage. In addition to detecting ransomware directly, Cognito Detect exposes ransomware precursors, including command-and-control traffic, network scans and spreading behavior that ransomware relies on to find and encrypt critical assets. 4 Cognito Detect

Watching the watchers While attackers may initially compromise an end-user device, the real prize involves commandeering administrator or system credentials. Cognito Detect goes beyond simple user-behavior monitoring to detect signs of compromised administrators. Cognito Detect tracks administrative protocols and learns the specific machines or jump systems that are used to manage specific hosts, servers and workloads. This vigilance quickly reveals when a cybercriminal attempts to use administrative credentials and protocols to escalate an attack on the network. Native security for your private cloud The private-cloud data center has become the heart and soul of many organizations, yet often remains a blind spot for security teams. Cognito Detect persistently monitors critical data center applications, data, and infrastructure with the ability to detect even the most sophisticated attacks. Some 80% of data center traffic never leaves the data center and is not monitored by traditional perimeter-based security. Cognito Detect virtual sensors (vsensors) connect to any VMware vswitch to ensure visibility into all traffic and detect threats passing between workloads in the virtual environment. Cognito Detect also integrates with VMware vcenter to provide an authoritative, always up-to-date view of your virtual environment. In fact, Cognito Detect was the first to bring together the required visibility, context and intelligence to find advanced attacks inside the data center. Security from hardware to workload Data center security goes beyond virtualization and includes the physical server hardware and low-level tools used to manage the data center. Cognito Detect provides unprecedented threat detection that extends from the application layer down to the underlying hardware. For example, the Cognito Detect Port Knocking detection reveals servers that are compromised by a rootkit, which could reside below the physical operating system itself. In addition, Cognito Detect monitors and detects the improper use of low-level management protocols such as IPMI and idrac. Normally used by administrators for infrastructure-lights-out management of server hardware, these protocols are increasingly targeted by attackers because they give an always-on backdoor into the virtual environment yet are not logged and are rarely monitored by security. Unifying data center operations The Cognito Detect ransomware detection Modern data centers require constant coordination between networking, application development, virtualization teams, and of course, the security team. Cognito Detect makes it easy for all groups to remain in sync and retain full visibility into the virtual environment, even when workloads are constantly on the move. Cognito Detect visually displays the connections between all workloads and the type of traffic flowing between them. With full VMware vcenter integration, Cognito Detect provides an always up-to-date view of the environment and alerts about any assets that are not monitored for threats. The Cognito Detect Shell-Knocker detection Email info@vectra.ai Phone +1 408-326-2020 vectra.ai 2018 Vectra Networks, Inc. All rights reserved. Vectra, the Vectra Networks logo and Security that thinks are registered trademarks and Cognito, Cognito Detect, Cognito Recall, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback